Changing Our Agent Technology for GDPR

If your company handles personally identifiable information of any sort, chances are, you’ve heard about the general data protection regulation, or GDPR. As we mentioned on our blog last week, GDPR goes into full effect on May 25, and will force companies that handle PII to implement privacy by design.

On that front, we have another minor update to offer: in the next week or two–certainly before May 25–we will be releasing an update to our agent technology that we hope will make life a little bit easier for our customers as they navigate the complicated waters of GDPR.

Currently, many of our customers already use our agent for security–remote wipe, version control, etc. The catch is that, if you use our agent for security, it’s also collecting crash logs and session data. Technically, as all of that could be traceable back to a person, that data falls under PII in GDPR. We already take steps to secure and anonymize that data before using it for usage stats, etc., but with GDPR, customers may want to take the step of avoiding that data collection entirely.

Under our new agent update, customers will be able to configure the agent such that it’s used only for security verification, without everything else we mentioned above. We made our agent configurable after distribution last year; this will be a new configuration option that gives you full control over what information the agent is collecting. Inside of the app, we’ll associate the app and device with that specific user, but we won’t store user data. This puts the agent in a unique state of just enforcing security policy.

Existing agents will work as they’ve always worked, which is to say that customers will need to update their agent to take advantage of this new functionality.

Although this is a relatively minor update, we hope it makes life easier for our customers seeking to avoid challenges in GDPR compliance in the coming months. Stay tuned in the next week or so for news that the update has gone live!